“The biggest problem people have is when they sit too long” instead of quickly notifying the proper personnel of a potential breach, Mr. Nahra said at a conference sponsored by the International Association of Privacy Professionals. His comments were featured in the January 2016 issue of the Employer’s Guide to HIPAA Privacy Requirements.

Organizations must provide targeted training to ensure their employees would quickly take the proper steps in response to a possible breach, Mr. Nahra said. “The lowest-level people in your company can have things happen to them,” he said. “I want them to know where to go when there’s a problem.”

Another common pitfall is that organizations often focus too soon on potential notice obligations, Mr. Nahra said. “Don’t let issues about notice distract you too early on” from the broader investigation of a breach, or from fixing the problem itself, he said.

SIGNAL Group (formerly McBee Strategic Consulting, LLC) is a wholly owned subsidiary of Wiley Rein. SIGNAL is a total solutions provider—advocacy, strategic communications, research, and digital media—for clients seeking to engage the federal government to achieve competitive advantage, influence public policy, establish new markets, and secure public capital.